
Questions on TroopMaster DotNet Security

by Zachary Heaton-2


All,

I am an ASM with a Troop that is considering purchasing a TroopMaster  
DotNet license to supplement our existing Troopmaster license.  I'm  
concerned about the security implications of regularly transmitting  
Troop personal data across the Internet, and have reviewed the  
TroopMaster DotNet literature and FAQs to determine what steps  
TroopMaster takes to secure personal data.  Unfortunately, what I've  
read so far has not been fully enlightening.  Can anyone, either a  
savvy customer or a TroopMaster employee, answer some of the following  
questions:

1.) Does DotNet connect to the FTP server used to store the data file  
using standard (unencrypted) FTP, or does it use SFTP or FTPS  
(encrypted) connections to secure the FTP login information?  If  
standard FTP is used, then sniffing the FTP passwords from network  
traffic would be trivial for an attacker, and the entire security  
scheme hinges on the strength of the data file encryption.

2.) The TroopMaster website states that data files can be encrypted  
using 256-bit AES encryption.  However, TroopMaster also provides a  
password recovery service <http://www.troopmaster.com/password/> which  
can recover the data encryption password.  This implies either the  
existence of a global "unlock" password, or a key generation algorithm  
which can generate "unlock" passwords from TroopMaster license  
information.  Since having this global password or algorithm would  
enable an attacker to unlock any TroopMaster data file anywhere, how  
is this global password secured?  Is the number of TroopMaster  
employees with access to this key limited?  If a key generation  
algorithm has been used, has the algorithm design been audited by a  
recognized cryptographic expert?

3.) The DotNet website has this to say on the advantages of using the  
TroopMaster FTP site:

> For all of our versions of DotNet, security is further enhanced if  
> you rent your FTP site directly from Troopmaster Software because we  
> don't release the actual location of the server to anyone. The site  
> can only be used by and for DotNet.

This statement seems nonsensical - packet sniffing of the data  
transfer from a TroopMaster client would trivially reveal the IP  
address of the server, which in turn would probably reveal the  
physical location (or at least the datacenter) of the server  
hardware.  What location is being protected here, how, and why?  If  
the server is properly secured, how does hiding the server location  
improve the security of the data?

4.) The DotNet website says that it is possible to block sensitive  
data fields (SSNs, driver license numbers) from certain users.  Are  
these restrictions cryptographically enforced, or are they only  
enforced by TroopMaster permissions-checking logic?  If the latter,  
has the possibility of unauthorized users recovering sensitive data  
either by reverse-engineering the file format or by examining program  
state using a debugger been considered and addressed?

Thanks in advance for any light you can shed on these issues - I'm  
intrigued by the capabilities that DotNet provides, but I want to make  
sure that we're appropriately protecting Scout personal information.

Regards,
Zach Heaton
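As an added example (not from the original post and not TroopMaster's own code), here is a small Python check of the kind a troop could run over its own client's FTP debug log to answer question 1: whether the login goes out as plain FTP, or is preceded by an AUTH TLS negotiation (explicit FTPS) and a PROT P command that also protects the data transfer. The log format (">" client command, "<" server reply) and both sample sessions are constructed for the example.

```python
def audit_ftp_session(transcript):
    """Flag cleartext FTP credentials. ">" = client command, "<" = server reply."""
    tls, auth_pending = False, False          # TLS negotiated? AUTH awaiting reply?
    f = {"cleartext_user": False, "cleartext_pass": False,
         "control_tls": False, "data_protected": False}
    for line in transcript.splitlines():
        direction, _, text = line.strip().partition(" ")
        if direction == ">":
            cmd, _, arg = text.partition(" ")
            cmd, arg = cmd.upper(), arg.strip().upper()
            if cmd == "AUTH" and arg in ("TLS", "SSL"):   # explicit FTPS (RFC 4217)
                auth_pending = True
            elif cmd == "USER" and not tls:                # plain FTP (RFC 959) login
                f["cleartext_user"] = True
            elif cmd == "PASS" and not tls:
                f["cleartext_pass"] = True
            elif cmd == "PROT" and arg == "P" and tls:     # data channel also encrypted
                f["data_protected"] = True
        elif direction == "<":
            if auth_pending and text.startswith("234"):    # server accepted AUTH TLS
                tls = f["control_tls"] = True
            auth_pending = False
    return f

def verdict(f):
    """Summarise the audit in the terms the post uses."""
    if f["cleartext_user"] or f["cleartext_pass"]:
        return "plain FTP: login credentials exposed on the wire"
    if f["control_tls"] and f["data_protected"]:
        return "explicit FTPS: login and data file protected"
    if f["control_tls"]:
        return "explicit FTPS: login protected, data channel not (no PROT P)"
    return "no login observed"

# Constructed sample transcripts, as a client-side debug log would show them.
PLAIN_FTP = """\
< 220 FTP server ready
> USER troop_example
< 331 Password required
> PASS example-password
"""
FTPS = """\
< 220 FTP server ready
> AUTH TLS
< 234 Proceed with negotiation
> PROT P
< 200 Protection set to Private
> USER troop_example
> PASS example-password
"""
```

Run `verdict(audit_ftp_session(log))` on a captured log; a "plain FTP" verdict means the whole scheme rests on the data file's encryption, exactly the situation question 1 describes.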